﻿<?php
// Refuse to run unless IN_DESTOON is already defined (presumably by the
// including framework entry point - verify), so the script cannot be requested directly.
if (!defined('IN_DESTOON')) {
    exit('Access Denied');
}
// NOTE(review): the file appears to begin with a UTF-8 byte-order mark before the
// opening tag; if so, those bytes are sent as output before this header() call - confirm and strip it.
header("Content-type: text/html; charset=utf-8");

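// Collect the value part of every "name=value" segment of the Referer header, in
// order of appearance. Later code uses position 4 as the order identifier.
// The Referer header is supplied by the client and may be missing or forged, so
// nothing derived from it can be trusted without validation.
$orderurl = isset($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '';
$urlstr = explode("&", $orderurl);
// Start from a known-empty list so positions cannot be shifted by a $urls
// variable that already exists in this scope.
$urls = array();
foreach ($urlstr as $s) {
    $urlstrs = explode("=", $s);
    // A segment without "=" has no value part; store '' so positions stay stable.
    $urls[] = isset($urlstrs[1]) ? $urlstrs[1] : '';
}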

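// Connect to the database
$conn = mysql_connect($CFG['db_host'], $CFG['db_user'], $CFG['db_pass']);
// Stop on failure: the original only printed the message and went on to
// mysql_select_db(), which cannot succeed without a link.
if (!$conn) die("Connect database error!");
mysql_select_db($CFG['db_name'], $conn) or die("Connect Table Error");

// Position 4 of the Referer-derived list is the order identifier; normalise a
// missing entry to '' so the code below never reads an undefined offset.
if (!isset($urls[4])) {
    $urls[4] = '';
}

// Built but never executed in this file; kept for compatibility, with the
// Referer-derived value escaped.
$sqldata = "SELECT * FROM dt_content_data where left(contentID,17)='" . mysql_real_escape_string((string) $urls[4], $conn) . "'";

// The original test used "||", so an empty posted orderNo still triggered the
// insert and an absent one was passed to trim(). Require a non-empty string.
if (isset($_POST['orderNo']) && is_string($_POST['orderNo']) && trim($_POST['orderNo']) != '') {
	$urls[4] = substr($_POST['orderNo'], 0, 17);
	// Insert payment data.
	// Every value comes straight from the request, so each one is escaped for
	// the current connection before being placed in the statement.
	// NOTE(review): if the including framework already applies addslashes() to
	// $_POST, this escapes twice - confirm and keep exactly one layer.
	// NOTE(review): this row is written from browser-supplied fields when the form
	// is posted, not from a verified bank notification - confirm that nothing
	// downstream treats it as proof of payment.
	$insertValues = array();
	foreach (array('orderNo', 'orderAmount', 'orderTime', 'orderTime', 'orderNote') as $insertField) {
		$insertRaw = (isset($_POST[$insertField]) && is_string($_POST[$insertField])) ? $_POST[$insertField] : '';
		$insertValues[] = "'" . mysql_real_escape_string($insertRaw, $conn) . "'";
	}
	$sqlinto = "INSERT INTO dt_content_data(contentID, payamt, paytime,addtime, note) VALUES (" . implode(',', $insertValues) . ")";
	mysql_query($sqlinto) or die("Database Error, Please call the administrator!");
}

// Read payment data: look up the order by the first 17 characters of its id.
$sql = "SELECT * FROM dt_content where left(contentID,17)='" . mysql_real_escape_string((string) $urls[4], $conn) . "'";
$result = mysql_query($sql);
if (!$result) die("QUERY ERROR!");
if (!$urls[4]) die("ERROR,Plese ask the administrator!");

// Remember column 6 of the last matching row; it is printed later as the trading
// company. Initialised so that an empty result set cannot leave $comp undefined.
// NOTE(review): a numeric index into SELECT * depends on the table's column order - confirm.
$comp = '';
while ($row = mysql_fetch_row($result)) {
    $comp = $row[6];
}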

// Load the signing helper and point it at the certificate and private key that
// sit under this script's own directory.
include_once("pkcs7/boc.class.php");
$bocDir = dirname(__FILE__);
// NOTE(review): "1111111a" is a secret-looking literal, presumably the private-key
// passphrase - confirm against boc.class.php and load it from configuration kept
// outside the source tree.
$pay = new boc("1111111a");
$pay->cert = $bocDir . '/pkcs7/cert/cert3.pem';
// NOTE(review): the key file is stored beside this script; if that directory is
// served by the web server, access to *.pem must be denied - confirm.
$pay->privateKey = $bocDir . '/pkcs7/cert/key3.pem';
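// Choose the order number for this request: a non-empty posted value wins,
// otherwise one is derived from the Referer-supplied identifier.
// The original condition used "||", which accepted an empty posted value and
// read an undefined index when the field was absent.
if (isset($_POST['orderNo']) && is_string($_POST['orderNo']) && trim($_POST['orderNo']) != '') {
    $orderNo = $_POST['orderNo'];
} elseif (!empty($orderurl) && isset($urls[4])) {
    // NOTE(review): rand(10,99) gives only 90 possible suffixes, so two order
    // numbers derived from the same identifier can collide - confirm this is acceptable.
    $orderNo = $urls[4] . rand(10, 99);
} else {
    $orderNo = "";
}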

if($orderNo){
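// Format of the data to be signed.
// NOTE(review): the original comment gave orderNo|orderTime|curCode|orderAmount|merchantNo,
// but the string built below is merchantNo|orderNo|curCode|orderAmount|orderTime -
// confirm which order the gateway expects.
date_default_timezone_set('PRC');
$timeso = date("YmdHis", time());

// The signed fields are taken from the posted form. A missing field becomes ''
// instead of raising an undefined-index notice, and a value containing the "|"
// delimiter is rejected so the signed string can be split in only one way.
// NOTE(review): nothing in this file compares the posted amount or time with the
// order record read from dt_content - confirm the notification handler reconciles them.
$signFields = array();
foreach (array('orderNo', 'orderAmount', 'orderTime') as $signKey) {
    $signValue = (isset($_POST[$signKey]) && is_string($_POST[$signKey])) ? $_POST[$signKey] : '';
    if (strpos($signValue, '|') !== false) {
        die('Invalid order data');
    }
    $signFields[$signKey] = $signValue;
}
$unsignData = "23571|" . $signFields['orderNo'] . "|001|" . $signFields['orderAmount'] . "|" . $signFields['orderTime'];

// Server-side timestamp offered to the entry form as its orderTime field.
$orderTime = $timeso;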
?>
<script type="text/javascript">
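// Client-side convenience check wired to the forms' onsubmit handlers.
// Returns false (cancelling the submit) when the order number, description or
// amount is empty, and true otherwise.
// The original wrote "else (orderAmount == ''){", which is a syntax error, so the
// whole script failed to parse and the function was never defined.
// This check runs in the browser and can be bypassed; the server must validate
// the same fields itself.
function checkss() {
	var orderNo = document.getElementById('orderNo').value;
	var orderAmount = document.getElementById('orderAmount').value;
	var orderTime = document.getElementById('orderTime').value;
	var orderNote = document.getElementById('orderNote').value;
	// Same layout as the string the server signs; used here for display only.
	var unsignData = "23571|" + orderNo + "|001|" + orderAmount + "|" + orderTime;
	if (orderNo == '') {
		alert('请输入订单号');
		return false;
	} else if (orderNote == '') {
		alert('请输入订单说明');
		return false;
	} else if (orderAmount == '') {
		alert('请输入订单金额');
		return false;
	}
	// NOTE(review): looks like a leftover debug popup - confirm and remove.
	alert(unsignData + '|' + orderNote);
	return true;
}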
</script>
<link rel="stylesheet" type="text/css" href="http://www.cjgjzd.com/member/image/style.css"/>
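<?php
// Once the entry form has been submitted (its submit button is named "submitrs"),
// sign the order string and render the payment form that posts to the gateway.
// !empty() keeps the original truthiness test without reading an undefined index
// on the first page load.
if (!empty($_POST['submitrs'])) {
// NOTE(review): the signature covers values the browser supplied - confirm they
// are validated against the stored order before this call.
$signData = $pay->signFromStr($unsignData);
?>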
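<?php
// Payment form posted by the browser to the bank gateway.
// Every value printed below originates from the request, the Referer header or the
// database, so each one is HTML-escaped before it is placed in an attribute or a
// table cell. The browser decodes the entities again, so the submitted values are unchanged.
$payView = array(
    'orderNo'  => htmlspecialchars(isset($orderNo) ? (string) $orderNo : '', ENT_QUOTES, 'UTF-8'),
    'comp'     => htmlspecialchars(isset($comp) ? (string) $comp : '', ENT_QUOTES, 'UTF-8'),
    'signData' => htmlspecialchars(isset($signData) ? (string) $signData : '', ENT_QUOTES, 'UTF-8'),
);
foreach (array('orderTime', 'orderAmount', 'orderNote', 'orderUrl') as $payKey) {
    $payRaw = (isset($_POST[$payKey]) && is_string($_POST[$payKey])) ? $_POST[$payKey] : '';
    $payView[$payKey] = htmlspecialchars($payRaw, ENT_QUOTES, 'UTF-8');
}
// NOTE(review): orderNote and orderUrl are echoed back from the request and are not
// part of the signed string as built in this file - confirm the gateway and the
// notification handler do not rely on them being authentic.
?>
<FORM METHOD="POST" ACTION="https://ebspay.boc.cn/PGWPortal/B2BRecvOrder.do" target="_blank" onsubmit="return checkss();">
<!--01. Merchant number-->
<input type="hidden" ID="bocNo" NAME="bocNo" VALUE="23571"/>
<!--04. Order currency-->
<input type="hidden" ID="curCode" NAME="curCode" VALUE="001"/>
<!--06. Order time-->
<input type="hidden" ID="orderTime" NAME="orderTime" VALUE="<?php echo $payView['orderTime'];?>"/>
<!--04. Merchant order number-->
<input type="hidden" ID="orderNo" NAME="orderNo" VALUE="<?php echo $payView['orderNo'];?>"/>
<!--05. Order amount-->
<input type="hidden" ID="orderAmount" NAME="orderAmount" VALUE="<?php echo $payView['orderAmount'];?>"/>
<!--07. Order description-->
<input type="hidden" ID="orderNote" NAME="orderNote" VALUE="<?php echo $payView['orderNote'];?>"/>
<!--09. Merchant signature data-->
<input type="hidden" ID="signData" NAME="signData" VALUE="<?php echo $payView['signData'];?>"/>
<!--08. Merchant notification URL-->
<input type="hidden" ID="orderUrl" NAME="orderUrl" VALUE="<?php echo $payView['orderUrl'];?>"/>
<table cellpadding="6" cellspacing="1" class="tb">
<tr>
<!--03. Merchant order number-->
<td class="tl"><span class="f_red">*</span> 商户订单号</td>
<td class="tr"><?php echo $payView['orderNo'];?></td>
</tr>
<tr>
<!--03. Trading company-->
<td class="tl"><span class="f_red">*</span> 交易公司</td>
<td class="tr"><?php echo $payView['comp'];?></td>
</tr>
<tr>
<!--05. Order amount-->
<td class="tl"><span class="f_red">*</span> 订单金额</td>
<td class="tr"><?php echo $payView['orderAmount'];?> </td>
</tr>
<tr>
<!--07. Order description-->
<td class="tl"><span class="f_red">*</span> 订单说明</td>
<td class="tr"><?php echo $payView['orderNote'];?> </td>
</tr>
<tr>
<!--06. Order time-->
<td class="tl"><span class="f_red">*</span> 订单时间</td>
<td class="tr"><?php echo $payView['orderTime'];?> </td>
</tr>
<tr>
<td colspan="2" height="20px">&nbsp;</td>
</tr>
<tr>
<td></td>
<td style="text-align:left;">
<input type="submit" style="width:80px;" name="submitrs" value=" 支 付 ">&nbsp;&nbsp; <input type="button" width="80px" name="btns" style="width:80px;" id="return" value=" 返 回 " onclick="javascript:history.back();" />
</td>
</tr>
</table>
<br/>
</FORM>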
<?php }else{ ?>
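<?php
// Entry form: collects order number, amount and description and posts them back
// to this page. The pre-filled values are HTML-escaped because the order number can
// come from the request or the Referer header.
// NOTE(review): $orderAmount and $orderNote are not assigned anywhere in this file;
// presumably the including framework populates them from the request - verify.
$entryView = array(
    'orderTime'   => isset($orderTime) ? $orderTime : '',
    'orderNo'     => isset($orderNo) ? $orderNo : '',
    'orderAmount' => isset($orderAmount) ? $orderAmount : '',
    'orderNote'   => isset($orderNote) ? $orderNote : '',
);
foreach ($entryView as $entryKey => $entryRaw) {
    $entryView[$entryKey] = htmlspecialchars(is_scalar($entryRaw) ? (string) $entryRaw : '', ENT_QUOTES, 'UTF-8');
}
// NOTE(review): the notification URL below is a hidden field the browser can edit,
// and it uses plain http - confirm whether it should be fixed server-side and served over https.
?>
<FORM METHOD="POST" ACTION="#" onsubmit="return checkss();">
<!--01. Merchant number-->
<input type="hidden" ID="bocNo" NAME="bocNo" VALUE="23571"/>
<!--04. Order currency-->
<input type="hidden" ID="curCode" NAME="curCode" VALUE="001"/>
<!--06. Order time-->
<input type="hidden" ID="orderTime" NAME="orderTime" VALUE="<?php echo $entryView['orderTime'];?>"/>
<!--08. Merchant notification URL-->
<input type="hidden" ID="orderUrl" NAME="orderUrl" VALUE="http://www.cjgjzd.com/chinaofbank/RecvOrderResp.php"/>
<table cellpadding="6" cellspacing="1" class="tb">
<tr>
<!--03. Merchant order number-->
<td class="tl"><span class="f_red">*</span> 商户订单号</td>
<td class="tr"><input type="text" size="30" ID="orderNo" NAME="orderNo" VALUE="<?php echo $entryView['orderNo'];?>"/> </td>
</tr>
<tr>
<!--05. Order amount-->
<td class="tl"><span class="f_red">*</span> 订单金额</td>
<td class="tr"><input type="text" size="20" ID="orderAmount" NAME="orderAmount" VALUE="<?php echo $entryView['orderAmount'];?>"/> </td>
</tr>
<tr>
<!--07. Order description-->
<td class="tl"><span class="f_red">*</span> 订单说明</td>
<td class="tr"><input type="text" size="40" ID="orderNote" NAME="orderNote" VALUE="<?php echo $entryView['orderNote'];?>"/> </td>
</tr>

<tr>
<td></td>
<td style="text-align:left;">
<br/>
<input type="submit" style="width:80px;" name="submitrs" value=" 确 定 ">&nbsp;&nbsp;&nbsp;&nbsp; <input type="reset" style="width:80px;" name="reset" id="reset" value=" 重 置 " />
</td>
</tr>
</table>
<BR/>
</FORM><br />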
<?php
}
}else{
?>
<!-- Fallback form shown when no order number is available: asks for one and posts it to RecvOrder.php. -->
<FORM METHOD="POST" ACTION="RecvOrder.php">
<!--03. Merchant order number-->
商户订单号：<INPUT TYPE="text" SIZE="19" ID="orderNo" NAME="orderNo" VALUE=""><BR/>
<input type="submit">
<BR/>
</FORM><br />
<?php
}

?>
